Asset Management, Cloud Security, Compliance Management, Security Staff Acquisition & Development, Vulnerability Management
CFAA Ruling, Amazon Sidewalk, Agile Security Testing, & WordPress Plugins – PSW #697
This week in the Security News, Paul and the crew discuss: Establishing Confidence in IoT Device Security: How do we get there?, JBS hack latest escalation of Russia-based aggression ahead of June 16 Putin summit, why Vulnerability Management is the Key to Stopping Attacks, Overcoming Compliance Issues in Cloud Computing, Attack on meat supplier came from REvil, ransomware’s most cutthroat gang, WordPress Plugins Are Responsible for 98% of All Vulnerabilities, and more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Hosts
Larry Pesce
Product Security Research and Analysis Director at Finite State
- 1. Supreme Court narrows scope of CFAA computer hacking law
- 2. Establishing Confidence in IoT Device Security: How do we get there?
- 3. FireEye to sell products unit to Symphony-led group for $1.2B – TechCrunch
- 4. NortonLifeLock Unveils Norton Crypto
- 5. Major meat producer JBS USA hit by cyberattack, likely from Russia
- 6. Ransomware attack disrupts Massachusetts ferries
- 7. My RCE PoC walkthrough for (CVE-2021-21974) VMware ESXi OpenSLP heap-overflow vulnerability
- 8. MOSI/MISO and 140 Years Of Wrong
Lee Neely
Senior Cyber Advisor at Lawrence Livermore National Laboratory
- 1. Army wants teleworkers to switch off smart IoT devices — FCW
  The Army informed its teleworking workforce that they must immediately remove Internet of Things (IoT) devices from their teleworking workspaces that possess the capability to listen for keywords that would automatically activate them.
- 2. Exclusive: Alibaba’s Huge Browser Business Is Harvesting The ‘Private’ Web Activity Of Millions Of Android And iPhone Users
  UC Browser promised that with its “incognito” mode, no web browsing or search history would be recorded. A researcher discovered that on both the Android and iOS versions of UC Browser, every website a user visits, regardless of whether they’re in incognito mode or not, is sent to servers owned by UCWeb.
- 3. JBS hack latest escalation of Russia-based aggression ahead of June 16 Putin summit: experts
  The White House stated the attack against the world’s largest meat-packer was likely conducted by Russian hackers; several U.S. government agencies are providing the Brazilian company with cyber assistance.
- 4. Australian meat processor JBS Foods hit by cyber attack
  Meat processor JBS has warned it could take the company some time to recover from an “organised cyber security attack” that has impacted servers in Australia, the US and other locations.
- 5. A New Bug in Siemens PLCs Could Let Hackers Run Malicious Code Remotely
  Siemens on Friday shipped firmware updates to address a severe vulnerability in SIMATIC S7-1200 and S7-1500 programmable logic controllers (PLCs) that could be leveraged by attackers to obtain remote access to protected areas of memory, allowing them to perform unrestricted and undetected code execution.
- 6. Cozy Bear revisits one of its greatest hits, researchers say: election skulduggery – CyberScoop
  The Cozy Bear (APT29) group was spotted just days ago leveraging an election fraud-related lure document attached to a phishing email that purports to originate from the U.S. Agency for International Development (USAID) in attacks targeting government agencies, research institutions, and non-governmental organizations (NGOs) in the U.S. and Europe.
- 7. Feds Warn DarkSide May Not Stay Dark
  U.S. government cybersecurity and counterintelligence officials have revealed that the DarkSide cybercrime gang responsible for the Colonial Pipeline ransomware attack may soon reemerge, if it ever stopped operating at all.
- 8. US Pipelines Ordered to Increase Cyber Defenses After Hack
  TSA has issued a directive mandating that U.S. pipeline owners and operators hire a cybersecurity coordinator, conduct regular cybersecurity assessments, and report any and all cyber incidents to the U.S. federal government.
- 9. APT actors exploiting Fortinet vulnerabilities to gain access to local governments
  APT actors recently exploited old vulnerabilities affecting Fortinet firewalls and breached a web server hosting the domain belonging to a local U.S. government, and then moved laterally through the compromised network and created new domain controller, server, and workstation user accounts mimicking already existing accounts in order to exfiltrate or encrypt data and perform other malicious activities.
- 10. Researchers find four new malware tools created to exploit Pulse Secure VPN appliances
  Mandiant Threat Intelligence says it has spotted four new malware samples (Bloodmine, Bloodbank, Cleanpulse, and Rapidpulse) that were specifically created to target Pulse Secure VPN appliances and are being used in attacks targeting defense, government, and financial organizations.
- 11. Russia’s FSB reports ‘unprecedented’ hacking campaign aimed at government agencies
  Foreign hackers compromised Russian federal agencies in a digital espionage campaign that Russian officials described as unprecedented in scope and sophistication.
- 12. Japanese government offices hacked
  The Japanese government has disclosed it suffered a data breach after hackers accessed Fujitsu's "ProjectWEB" information-sharing software, which is widely used by public offices and businesses in Japan, and gained access to data related to air traffic control.
- 13. French police seized dark web marketplace Le Monde Parallèle
  Last week, French authorities seized the dark web marketplace Le Monde Parallèle and arrested two of the platform's administrators following a months-long investigation.
- 14. Plaintext Passwords of 8.3 Million Users Leaked in a DailyQuiz Data Breach
  Researchers say they found an unsecured, exposed database belonging to DailyQuiz containing some 13 million users' PII and plaintext passwords.
- 15. Chip shortage will lead to higher PC prices as Dell, HP, and Lenovo pass on higher costs
  PC prices are likely to move higher in the second quarter and the rest of 2021 as vendors pass along higher component and logistics costs amid strong demand.
Tyler Robinson
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element